Phone and/or Email App hacked

I think that my Hotmail and/or S4 has been hacked. Last Monday I received word that a strange email was sent from my account with a link to skin care or something like that, so I changed my PW. On Friday, I received an email from Outlook that says my account has been compromised and I should change my PW, so I did, again. Sunday night, I'm told that another strange email was from my Hotmail account, so I change my PW again, 3rd time within a week. Each PW wasn't overly hard, but always contained both letters and numbers, so not super easy to crack I wouldn't think. So I started to try to track down the source, I removed email accounts from my phone on Monday (I have the stock email app set to check 2 accounts and have yet to have an issue with the second account). I also noticed in the Hotmail access log that my account was being accessed in 2 other states while all this was going on. So, all was going well and today I set up the email app with my Hotmail account info so I could check my email from my phone. Within 2 hours, my account was accessed from out of state again, but as far as I can tell nothing was sent.

I've read that its pretty simple to send out an email using an account that you don't have access too directly, just set up to use as a sent address, nothing shows up in my sent items so that would support this possibility. It's the account access log that has me worried, they still seem to be accessing my account. I've had AVG on my phone for quite some time now and that doesn't pick up anything, tonight I DL'd Lookout and that also came back as a clear scan.

My phone is still stock, would a factory reset fix the issue? I'd question whether or not a reset would get rid of the keylogger/spyware/malware or whatever is creating this problem. What about rooting and flashing a rom? What else could be causing the issue? I'm afraid that if I close the Hotmail account that there would still be something on my phone that's giving others access to my accounts.

I think that my Hotmail and/or S4 has been hacked. Last Monday I received word that a strange email was sent from my account with a link to skin care or something like that, so I changed my PW. On Friday, I received an email from Outlook that says my account has been compromised and I should change my PW, so I did, again. Sunday night, I'm told that another strange email was from my Hotmail account, so I change my PW again, 3rd time within a week. Each PW wasn't overly hard, but always contained both letters and numbers, so not super easy to crack I wouldn't think. So I started to try to track down the source, I removed email accounts from my phone on Monday (I have the stock email app set to check 2 accounts and have yet to have an issue with the second account). I also noticed in the Hotmail access log that my account was being accessed in 2 other states while all this was going on. So, all was going well and today I set up the email app with my Hotmail account info so I could check my email from my phone. Within 2 hours, my account was accessed from out of state again, but as far as I can tell nothing was sent.

I've read that its pretty simple to send out an email using an account that you don't have access too directly, just set up to use as a sent address, nothing shows up in my sent items so that would support this possibility. It's the account access log that has me worried, they still seem to be accessing my account. I've had AVG on my phone for quite some time now and that doesn't pick up anything, tonight I DL'd Lookout and that also came back as a clear scan.

My phone is still stock, would a factory reset fix the issue? I'd question whether or not a reset would get rid of the keylogger/spyware/malware or whatever is creating this problem. What about rooting and flashing a rom? What else could be causing the issue? I'm afraid that if I close the Hotmail account that there would still be something on my phone that's giving others access to my accounts.

Sorry for the book, T.I.A.

I'm not familiar with Hotmail, but many email providers allow 2-factor authentication. I would definitely suggest using that if it is available to you.

Check the IP addresses on the accesses from other states - do they match your ISP? Sometimes ISPs give out addresses that show up as different states. If Hotmail doesn't show ISP, you can put the IPs into the search at http://bgp.he.net/ and it should show you the ISP.

It is indeed trivial to send email appearing to be 'from' any account without access/relation at all to the account. Unfortunately spammers often take advantage of that and there's not really anything you can do about it.

I did track the IP address and then Googled what came back from the search (Cellco Partnership DBA Verizon Wireless) and it appears that this is tied with VZ and the related towers. It just seems weird that at one point it says its being accessed in Minn and the next time in Colo but I'm in So Dak and haven't traveled far from home since all this started.

Regardless, last night another email was sent with my email being used as the sending address. I've decided to close my Hotmail account because of all the hassle. I'm still looking for some advise on whether or not I need to reset the phone or possibly root and flash my phone in order to get rid of anything that might be stored on my phone. Is it worth worrying about or should I just move on?

I did track the IP address and then Googled what came back from the search (Cellco Partnership DBA Verizon Wireless) and it appears that this is tied with VZ and the related towers. It just seems weird that at one point it says its being accessed in Minn and the next time in Colo but I'm in So Dak and haven't traveled far from home since all this started.

Regardless, last night another email was sent with my email being used as the sending address. I've decided to close my Hotmail account because of all the hassle. I'm still looking for some advise on whether or not I need to reset the phone or possibly root and flash my phone in order to get rid of anything that might be stored on my phone. Is it worth worrying about or should I just move on?

Can you PM me the full headers of the email that was sent? I should be able to see in them how it's being done -- whether through your actual account, hotmail's servers, or just forging your email as the 'from' address.

You'd have to get them from the person who received it... in gmail it's as simple as clicking the little arrow and then 'Show Original', but the method to show headers will vary by client/provider, should be easy to google though.

About the IPs, it's not unheard of to be assigned IPs from a state or two over. It's obviously not an ideal configuration, no idea why it happens, but it has happened to me several times in the past. But we can't say they were your phone unless you've been keeping track of what external IPs your phone has been getting...
It is a really good sign that they're not some weird server host in russia, etc... though.

It's very common for spammers to forge a sender's email address - they can easily send spam which is "from" you without having any access to your account whatsoever. Some of that spam will get bounced back to you based on the use of your address, not because it was actually sent from your account. The bounced spam should include the headers it was originally sent with, from which one can tell where it really originated.

Are you sure the "out of state" access isn't just legitimate access to the account from your phone? IP addresses are logical, not physical. The geoIP databases which try to map addresses to locations aren't perfect, and your cell carrier may in fact be associating your phone with an IP mapped to a different state.

XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality.Are you a developer? | Terms of Service